Today Engine Yard announced enhancements that will make its architecture increasingly flexible and modular. As we were preparing for the announcement, I took some time to reflect on where Engine Yard started, where we are headed and how the industry is evolving.

Companies today are literally running past existing players in the market by focusing on end user value instead of getting distracted by infrastructure and system software. For example, we have a customer in the sports reporting field who became the #3 entity in its market within five years. They passed several companies that have been in the space for decades. They achieved this by focusing on how to get content into their application from the outside world and they spent almost none of their time or money worrying about how the infrastructure works or how to create the right runtime environment - and they did this with Platform as a Service (PaaS).

PaaS helps them:

Focus on features and user experience without being dragged into the details of operating and managing infrastructure.

Use infrastructure and software as an on-demand utility to convert capital expenditures into variable costs.

From Managed Hosting to Platform as a Service

Six years ago, before the days of PaaS, Engine Yard started as a managed hosting company. When hosting applications we would configure servers, load system software, install application code and then run applications on behalf of clients. We did this enough times that we saw an opportunity to scale through automation. We also realized that hosting an application entails two businesses:

Owning the physical infrastructure (servers, storage, power, etc)

Operating the software that manages the hardware and empowers the application

We decided to focus on the software layer and grow it into the business now called PaaS.

Developers focus on apps, we handle DevOps

Let's examine how PaaS is changing the way people build application businesses, by looking at how one of our customers, a well known media company, runs their web app (i.e. website) on our PaaS. The front-end of their app is primarily JavaScript that runs in a browser. In the backend they have a lot of Ruby and database code that helps serve all the pages, stream their videos, etc. To run their application, our automation system installs their code and then configures a runtime environment, including an operating system, language environment, database environment, and the web tier frameworks necessary to run a modern website.

Our customer points to their code repository literally with an HTTP call, and then we take care of everything necessary to run it. If they anticipate extra traffic they can easily add (or decommission) additional compute resources with just a couple clicks. But not all PaaS options are created equal and it's important to understand architectural differences and how those might constrain your business.

Choosing a PaaS: The balance between control and automation

Some providers deliver complete automation in a black box. Like all automation, you don't necessarily have control, but it does exactly what it says it's going to do. You can use it for relatively simple workloads that will not need much modification. Once deployed, the app will run and that's a reasonable approach for some use cases. Another trade off with the black box approach is that infrastructure and virtual machines are typically used in a shared manner. Potential issues include:

Security issues: shared access to the platform introduces risk across all workloads

Single point of failure: If the platform goes down, so does your application

At the other end, is the do it yourself approach where you're responsible for building and managing the automation offered by a conventional PaaS. You procure hardware, or provision infrastructure from a hosting provider, but you still need to build, configure, and manage operating systems, middleware and databases. You end up spending a lot of time on operational and administrative tasks that are non-revenue generating.

The approach Engine Yard advocates - increase control and allow for choice - is the basis of the architecture we have brought to market and will continue updating throughout this year. Choice between different types of components and infrastructures to run applications on and the ability to go underneath the defaults and gain control and access to the actual virtual machine. Faster provisioning through our new clusters, a purpose built set of virtual machines for applications, databases and utility processes. We know from experience that such an architecture is best for serious commercial workloads.
Learn more about the vision for our architecture in this 4 min whiteboard video

Even with this approach, trusting a vendor to help you with something as important as running your application inevitably raises questions.

PaaS is great - but what about security?

It's true that you give up some control in areas historically owned by IT departments; for instance, the server itself isn't actually on premise. To address these concerns, our architectural updates are making it possible to implement and control security policy throughout the infrastructure, platform and application layers. At the infrastructure layer, our partners are now able to provide SOC and HIPAA certified solutions. At the software layer our philosophy is to provide well architected defaults while allowing developers to retain operational control.
For example, an important area of security is key management. To help developers feel comfortable, we provide visibility into the entire process and they can even access and manage the keys themselves. So, even though we handle the painful part of managing thousands of SSH and SSL keys, we're not hiding it. In addition, we're continuing to expand security capabilities to provide further transparency and visibility.

PaaS is great - but can't I just do this myself?

If you're a small company with a great idea, it's very clear that PaaS lowers the entry cost tremendously. You don't have to license a bunch of software, set up servers or negotiate with an infrastructure provider. You gain immediate access to a platform that's capable of serving millions of end users. And you only need to spend on infrastructure as you grow, you don't have to otherwise. When growth accelerates you can avoid hiring people to take care of infrastructure and instead put more money into what you do best - developing the application.

Increasingly, what you think of as an application is really a user interface running in your pocket or on a tablet - while the app itself is running on a virtual server in the cloud. You may use the application on your laptop at work, with your cell phone on your commute and then perhaps with your TV or tablet at home. Same app, different interfaces - available to you wherever you want it - all running in the cloud. Cloud computing is making ubiquitous application experiences readily available, and yet it's very early in the cycle where people learn how utility-based compute is going to change how experiences are delivered.

PaaS lets you launch a bold and risky idea without huge upfront investment. For example, there's a whole set of social applications that didn't exist five years ago and most were built on PaaS. Some of the giants in this space were bootstrapped at first but were able to get started with PaaS and rapidly built massively disruptive businesses that have changed the way companies connect with prospective customers. Corporate IT is another constituency that will benefit tremendously. They will use PaaS to deliver a suite of customized and integrated applications as a service that enable their workforces to be more productive.

This is why we're enhancing our architecture. You can choose your infrastructure and hundreds of permutations of components in your software stack. You can integrate third-party add-ons such as application monitoring, email or any other capability with just a single click. With new user interface improvements, you can easily plan, deploy, monitor and manage applications and iterate several times a day.
That's our mission - to help developers innovate and make applications that change the world. And this is just the beginning.